4. Suricata fails to start

Suricata fails to start

  • ?

    This post is deleted!
    0
  • N

    Increase the memory for the Stream Memory Cap

    0

  • You have an eight-core CPU, so as @ntct says, increase the Stream Memcap value on the FLOW/STREAM tab to at least 256 MB and try to start again.  Keep increasing the value in 4 MB or 8 MB chunks until Suricata starts.  You can then try backing it down if you wish until it breaks, then bump it up slightly.  Some changes in the Suricata binary in a recent revision caused an increase in needed stream memory when using high core-count CPUs.  The old default of 32 MB is too low.

    Bill

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy